CVE-2007-1380

Impact:
Important
Public Date:
2007-02-14
Bugzilla:
240157: CVE-2007-1380 php session extension information leak

The MITRE CVE dictionary describes this issue as:

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

Find out more about CVE-2007-1380 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Our previous fixes for CVE-2007-0906 included a patch that also addressed the issue now given CVE name CVE-2007-1380. For a full list of versions that contained a fix for this issue please see: https://rhn.redhat.com/cve/CVE-2007-1380.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (php) RHSA-2007:0082 2007-03-14
Stronghold 4 for Red Hat Enterprise Linux (stronghold-php) RHSA-2007:0089 2007-02-26
Red Hat Enterprise Linux 4 (php) RHSA-2007:0076 2007-02-19
Red Hat Enterprise Linux 2.1 (php) RHSA-2007:0081 2007-02-21
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (php) RHSA-2007:0088 2007-02-22
Red Hat Enterprise Linux 3 (php) RHSA-2007:0076 2007-02-19

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.